Vulnerabilities > Redhat > Ansible Tower

DATE CVE VULNERABILITY TITLE RISK
2022-08-25 CVE-2021-4112 Files or Directories Accessible to External Parties vulnerability in Redhat products
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape.
local
low complexity
redhat CWE-552
8.8
2021-09-22 CVE-2021-3583 Code Injection vulnerability in Redhat Ansible Automation Platform and Ansible Tower
A flaw was found in Ansible, where a user's controller is vulnerable to template injection.
local
low complexity
redhat CWE-94
7.1
2021-05-27 CVE-2020-14327 Server-Side Request Forgery (SSRF) vulnerability in Redhat Ansible Tower
A Server-side request forgery (SSRF) flaw was found in Ansible Tower in versions before 3.6.5 and before 3.7.2.
local
low complexity
redhat CWE-918
2.1
2021-05-27 CVE-2020-14328 Server-Side Request Forgery (SSRF) vulnerability in Redhat Ansible Tower
A flaw was found in Ansible Tower in versions before 3.7.2.
local
low complexity
redhat CWE-918
2.1
2021-05-27 CVE-2020-14329 Information Exposure vulnerability in Redhat Ansible Tower
A data exposure flaw was found in Ansible Tower in versions before 3.7.2, where sensitive data can be exposed from the /api/v2/labels/ endpoint.
local
low complexity
redhat CWE-200
2.1
2021-05-27 CVE-2020-10697 Unspecified vulnerability in Redhat Ansible Tower
A flaw was found in Ansible Tower when running Openshift.
local
low complexity
redhat
4.4
2021-05-27 CVE-2020-10698 Unspecified vulnerability in Redhat Ansible Tower
A flaw was found in Ansible Tower when running jobs.
local
low complexity
redhat
2.1
2021-05-27 CVE-2020-10709 Insufficient Session Expiration vulnerability in Redhat Ansible Tower
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application.
local
low complexity
redhat CWE-613
7.1
2021-05-26 CVE-2021-20191 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in ansible.
local
low complexity
oracle redhat CWE-532
5.5
2021-05-26 CVE-2021-20178 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module.
local
low complexity
redhat fedoraproject CWE-532
5.5